Senior GRC Analyst at Business Wire
United States, USA
Full Time


Start Date: Immediate

Expiry Date: 04 Dec, 25

Salary: 165000.0

Posted On: 04 Sep, 25

Experience: 3 year(s) or above

Remote Job: Yes

Telecommute: Yes

Sponsor Visa: No

Skills: Excel, Security, Active Directory, Jira, OneDrive, PowerPoint, Communication Skills, IT Asset Management, Databases, Teams, SharePoint, Slack, IT, Operating Systems

Industry: Information Technology/IT

Description

Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!
Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.

TECHNICAL KNOWLEDGE

Candidates MUST possess a solid working knowledge of:

  • Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc.
  • Vulnerability management platforms such as Rapid7 and Wiz.
  • IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.
  • Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.).
  • Operating systems, databases, and middleware components.
  • Performing compliance and risk assessments.
  • Management of IT and security projects.
  • Jira, Slack, and Office 365 tools (including Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint).

Responsibilities

ABOUT THE ROLE

The Senior Governance, Risk, and Compliance (GRC) Analyst will handle cybersecurity governance tasks, including creating and maintaining policies, standards, and procedures (documents) for cybersecurity controls and processes. This role will evaluate the effectiveness of security controls, ensure compliance with relevant frameworks, and improve risk management practices. The ideal candidate will have a strong knowledge of cybersecurity risk management and regulatory compliance, along with practical experience in integrated risk management (including third-party risk), policy, and document management tools.
The analyst will collaborate with the business, IT, and security teams to develop, review, and approve new and existing documents while assessing compliance to enhance adherence to the organization’s mandated regulations, standards, and policies.

WHAT YOU’LL DO



    • Review the current documents to identify and prioritize the requirements for revisions.
    • Create new security policies, standards, and responsibility models to clearly define the organization’s security practices and responsibilities.
    • Assess, deploy, and manage the GRC tool to streamline the GRC processes.
    • Establish and oversee the policy and standards attestation process involving all stakeholders.
    • Establish and oversee the process for policy and standards exceptions.
    • Develop and oversee a Cybersecurity Awareness Training program.
    • Facilitate document development and revision through meetings and workshops with SMEs, and secure consensus from their leadership.
    • Develop questionnaires to evaluate the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
    • Oversee the management of cybersecurity controls and framework implementation, along with continuous maintenance.
    • Develop and maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC 2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).